1. Technical Field
The present invention relates generally to session management in a multi-tier web environment in which client browsers access back-end application resources through a server front-end.
2. Background of the Related Art
Web portals centralize access to information, applications, and services for employees, customers, or partners. They deliver a consolidated view that lets users access the most important electronic resources of the organization using a standard technology (a web browser), simply and efficiently. Within a Web portal or like environment, typically a proxy or web server acts as a front-end “point of contact” to a set of back-end applications or application components. In this type of multi-tier server-side environment, a user of a client-side web browser authenticates to a back-end application when a first request to the application is made. Upon authentication, the server-side invokes local resources (execution threads, memory, and the like) to handle the session. These server-side resources remain active even if the end user later shuts down his or her web browser on the client-side of the connection. This creates a significant drain on the server-side, as those resources are not then available to service other sessions. It also leaves open the possibility of session hijacking, which may occur when a cookie is stolen before the browser shuts down, as the cookie may then be re-used by some other user after shutdown and before a time-out or disabling of the cookie by the server-side.